Novell: >> Suse Cloud Security Vulnerabilities
Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass security group restrictions via unspecified vectors, related to floating IPs.
CVSS Score
7.5
EPSS Score
0.004
Published
2014-04-04
The server in Crowbar, as used in SUSE Cloud 1.0, uses weak permissions for the production.log file, which has unspecified impact and attack vectors.
CVSS Score
10.0
EPSS Score
0.002
Published
2013-12-02